Devsecops Engineer

**Top 3 reasons to join us**:

- AI-first company shaping the future of fitness
- Join a passionate global team across VN, US, & UK
- Collaborative team valuing joy & creativity

**Job description**:
You’ll also play a key role in our architectural transition from a monolith to a secure, scalable, multi-region microservices platform — ready for data-driven insights and AI/ML evolution.

What you’ll do at Everfit**:
** Security Engineering & Operations**
- Conduct regular penetration tests and vulnerability assessments.
- Monitor security alerts and logs to detect and respond to threats.
- Manage vulnerability scanning tools and patching cycles.

** Access & Authentication**
- Implement SSO (Google Login) across all services.
- Enforce MFA, RBAC, and the principle of least privilege.
- Strengthen API authentication and authorization mechanisms.

** Cloud & Infrastructure Security**
- Secure AWS/GCP resources, including networking and IAM.
- Integrate security checks into CI/CD pipelines.

** Governance, Compliance & Awareness**
- Develop and enforce security policies and internal documentation.
- Support internal audits and compliance efforts (HIPAA, GDPR).
- Lead security awareness and training programs for staff.

** Incident Response & Improvement**
- Develop and maintain an incident response plan.
- Provide ongoing recommendations for enhancing security posture.
- Stay current with emerging threats and solutions.

**Your skills and experience**:

- 3+ years in DevOps, Cloud Infrastructure, or Security Engineering.
- Good at English communication (both verbal and non-verbal)
- Hands-on experience with AWS or GCP and IaC tools (e.g., Terraform).
- Strong knowledge of Linux, containers, CI/CD, and SAST/DAST tools.
- Experience with security audits, frameworks, and controls.
- Ability to balance security with engineering velocity.
- Excellent communication and cross-functional collaboration skills.
- Ability to work in a high pressure, startup environment.

** [Nice to have]**
- Experience with multi-region microservices architect, big data or AI stack.
- Prior experience in HIPAA/GDPR-compliant environments.
- Knowledge of least privilege principles (PoLP).
- Familiarity with SOC 2 certification processes.
- Certifications (e.g., CISSP, CISM, Security+, AWS Security).

**Why you'll love working here**:
** Compensation & Benefits**:

- Full social insurance coverage (social, health and unemployment)
- Competitive salary with 13th-month pay and performance bonus.
- Quarterly performance bonuses and year-end awards.
- Paid sick leave, maternity leave, and vacation days.

** Work Environment**:

- Agile-Scrum methodology with flexible work hours.
- Talented people from all over Vietnam and the world.
- International team for global career growth.
- State-of-the-art equipment provided.
- Beautiful working environment near Danang's city center (Dragon Bridge) and Hanoi office.

** Health & Wellness**:

- PVI health care program & annual health checks.
- Sports clubs (football, badminton, pickle-ball) & company retreats.
- Modern pantry for relaxation.
- Monthly workshop

** Professional Growth**:

- Training, mentoring & e-learning opportunities.
- 1-2 performance reviews annually.
- Potential opportunities to join a fast-growing company.